2017年9月13日 星期三

Guacamole and Jetty 9 with HTTPS on Raspbian 9 on Raspberry Pi 3B

ref
https://www.raspberrypi.org/forums/viewtopic.php?f=81&t=71166

Configuration UI
enable ssh, vnc on menu "raspberry pi configuration"
Wifi country select GB

create account
ssh pi@192.168.1.3 with raspberry # default password; change it (passwd) or lock the pi account once the new account below works
sudo userdel -r leungric
sudo adduser leungric
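sudo nano /etc/sudoers # or, better, sudo visudo (it syntax-checks the file before saving)
# add line to bottom, must be after the %sudo line
# NOPASSWD:ALL gives this account root without any password prompt; drop NOPASSWD if the Pi is reachable by anyone else
leungric ALL=(ALL:ALL) NOPASSWD:ALL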
ssh leungric@192.168.1.3
sudo ls -al /root

update if have not yet
sudo apt-get update

real-vnc-server is the builtin one
sudo apt-get install realvnc-vnc-server
sudo adduser leungric sudo
sudo vncpasswd -service
enter pw
# pw set in /root/.vnc/config.d/vncserver-x11
sudo nano /root/.vnc/config.d/vncserver-x11
Authentication=VncAuth
Encryption=AlwaysOff
Password=e0fd0472492935da  # foobar
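# now Windows TightVncViewer can connect to the Raspberry Pi with the VNC password only
# trade-off: Encryption=AlwaysOff sends the whole session unencrypted, and the Password value above is obfuscated rather than hashed
# keep port 5900 on the trusted LAN only, or tunnel it over ssh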


Wifi
sudo raspi-config

Versions
cat /etc/*release
PRETTY_NAME="Raspbian GNU/Linux 9 (stretch)"
NAME="Raspbian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

should be optional
sudo apt-get dist-upgrade

xrdp
sudo apt-get install -y xrdp

java
sudo apt-get install oracle-java8-jdk
export JAVA_HOME=/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt
printenv | grep JAVA
JAVA_HOME=/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt
java -version
java version "1.8.0_65"
Java(TM) SE Runtime Environment (build 1.8.0_65-b17)
Java HotSpot(TM) Client VM (build 25.65-b01, mixed mode)

listen before jetty
sudo netstat -natup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      1109/vncserver-x11-
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1087/sshd
tcp        0      0 192.168.1.3:22          192.168.1.197:49388     ESTABLISHED 1417/sshd: leungric
tcp        0      0 127.0.0.1:53516         127.0.0.1:39569         ESTABLISHED 1109/vncserver-x11-
tcp        0      0 127.0.0.1:39569         127.0.0.1:53516         ESTABLISHED 1133/vncserverui
tcp6       0      0 :::5900                 :::*                    LISTEN      1109/vncserver-x11-
tcp6       0      0 ::1:3350                :::*                    LISTEN      1934/xrdp-sesman
tcp6       0      0 :::22                   :::*                    LISTEN      1087/sshd
tcp6       0      0 :::3389                 :::*                    LISTEN      1946/xrdp
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           389/avahi-daemon: r
udp        0      0 0.0.0.0:36630           0.0.0.0:*                           389/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           437/dhcpcd
udp6       0      0 :::5353                 :::*                                389/avahi-daemon: r
udp6       0      0 :::42503                :::*                                389/avahi-daemon: r
  

     

jetty9
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-cache search jetty
sudo apt-get -y install jetty9
sudo nano /etc/default/jetty9
NO_START=0 (make sure)
sudo service jetty9 restart
sudo service jetty9 status
http://192.168.1.3:8080

port after jetty restarted
sudo netstat -natup
Proto Local Address           Foreign Address         State      
tcp   0.0.0.0:5900            0.0.0.0:*               LISTEN     
tcp   0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp   127.0.0.1:6010          0.0.0.0:*               LISTEN     
tcp   127.0.0.1:41864         127.0.0.1:35063         ESTABLISHED
tcp   192.168.31.3:22         192.168.31.4:53842      ESTABLISHED
tcp   192.168.31.3:22         192.168.31.4:53843      ESTABLISHED
tcp   127.0.0.1:35063         127.0.0.1:41864         ESTABLISHED
tcp6  :::5900                 :::*                    LISTEN     
tcp6  :::8080                 :::*                    LISTEN     
tcp6  :::22                   :::*                    LISTEN     
tcp6  ::1:6010                :::*                    LISTEN     
tcp6  ::1:43222               ::1:6010                TIME_WAIT  
udp   0.0.0.0:5353            0.0.0.0:*                          
udp   0.0.0.0:60726           0.0.0.0:*                          
udp   0.0.0.0:68              0.0.0.0:*                          
udp6  :::5353                 :::*                               
udp6  :::42955                :::*                               

port after browsed
Send-Q Local Address           Foreign Address         State       
     0 0.0.0.0:5900            0.0.0.0:*               LISTEN      
     0 0.0.0.0:22              0.0.0.0:*               LISTEN      
     0 127.0.0.1:6010          0.0.0.0:*               LISTEN      
     0 127.0.0.1:41864         127.0.0.1:35063         ESTABLISHED 
   108 192.168.31.3:22         192.168.31.4:53842      ESTABLISHED 
     0 192.168.31.3:22         192.168.31.4:53843      ESTABLISHED 
     0 127.0.0.1:35063         127.0.0.1:41864         ESTABLISHED 
     0 :::5900                 :::*                    LISTEN      
     0 :::8080                 :::*                    LISTEN      
     0 :::22                   :::*                    LISTEN      
     0 ::1:6010                :::*                    LISTEN      
     0 192.168.31.3:8080       192.168.31.4:53863      ESTABLISHED 
     0 192.168.31.3:8080       192.168.31.4:53864      ESTABLISHED 
     0 192.168.31.3:8080       192.168.31.4:53865      ESTABLISHED 
     0 192.168.31.3:8080       192.168.31.4:53866      ESTABLISHED 
     0 0.0.0.0:5353            0.0.0.0:*                           
     0 0.0.0.0:60726           0.0.0.0:*                           
     0 0.0.0.0:68              0.0.0.0:*                           
     0 :::5353                 :::*                                
     0 :::42955                :::*                                

basic packages
sudo apt-get install -y
libjpeg62-turbo-dev
libcairo2-dev
libossp-uuid-dev
libjpeg is required for writing jpeg messages
Cairo is required for drawing instructions
The OSSP UUID library is required

then required packages
sudo apt-get install -y
gawk
libssl-dev
libogg-dev
libvorbis-dev
libpulse-dev
libfreerdp-dev
libwebp-dev
libpango1.0-dev
libavcodec-dev
libavutil-dev
libswscale-dev
libtelnet-dev
libvncserver-dev

finally required packages
sudo apt-get install -y
libssh-dev
libssh2-1-dev

Recheck for below
./configure --with-init-dir=/etc/init.d
checking for gawk... gawk
Unable to find libssl.
Unable to find libogg / libvorbis / libvorbisenc
Unable to find libpulse
Unable to find libfreerdp-core / libfreerdp
Unable to find libwebp
libssl .............. yes
libvorbis ........... yes
libpulse ............ yes
freerdp ............. yes
libwebp ............. yes
pango ............... yes
libavcodec .......... yes
libavutil ........... yes
libswscale .......... yes
libVNCServer ........ yes
SSH ....... yes
Telnet .... yes
VNC ....... yes

Debian 11 2022 (not Debian 9 2018, not work in Debian 11 2022)
# sudo apt-get install libfreerdp-dev
sudo apt-get install freerdp2-dev

prohibit packages
sudo apt-get install -y
libpng12-dev (this will remove cairo and cause failure)


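configure server (0.9.13 working in 2021)
guacamole-server-0.9.13-incubating.tar.gz
# for every wget in these notes: before unpacking or deploying, compare the file with the checksum / PGP signature published beside it on the Apache download page (the closer.cgi / closer.lua links may redirect to a mirror)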
wget --user-agent=Mozilla \ -e robots=off "https://archive.apache.org/dist/guacamole/0.9.13-incubating/source/guacamole-server-0.9.13-incubating.tar.gz" -O guacamole-server-0.9.13-incubating.tar.gz
tar -xzf guacamole-server-0.9.13-incubating.tar.gz
cd guacamole-server-0.9.13-incubating
./configure --with-init-dir=/etc/init.d

configure server (1.0.0 yes work in Debian 9 Stretch in 2022)
wget --user-agent=Mozilla \ -e robots=off "https://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0/source/guacamole-server-1.0.0.tar.gz" -O guacamole-server-1.0.0.tar.gz
tar -xzf guacamole-server-1.0.0.tar.gz
cd guacamole-server-1.0.0
./configure --with-init-dir=/etc/init.d

configure server (1.4.0 not work in Debian 11 2022)
sudo apt-get install -y libwebsockets-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev
wget --user-agent=Mozilla \ -e robots=off "https://apache.org/dyn/closer.lua/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz?action=download" -O guacamole-server-1.4.0.tar.gz
tar -xzf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0
./configure --with-init-dir=/etc/init.d



guacamole-server version 0.9.13
guacamole-server version 0.9.13-incubating
   Library status:
     freerdp ............. yes
     pango ............... yes
     libavcodec .......... yes
     libavutil ........... yes
     libssh2 ............. yes
     libssl .............. yes
     libswscale .......... yes
     libtelnet ........... yes
     libVNCServer ........ yes
     libvorbis ........... yes
     libpulse ............ yes
     libwebp ............. yes
   Protocol support:
      RDP ....... yes
      SSH ....... yes
      Telnet .... yes
      VNC ....... yes
   Services / tools:
      guacd ...... yes
      guacenc .... yes
   Init scripts: /etc/init.d
Type "make" to compile guacamole-server.

Leaving these "no" results as they are

Line 16: checking whether we are cross compiling... no
Line 20: checking for gcc option to accept ISO C89... none needed
Line 38: checking for dlltool... no
Line 45: checking for sysroot... no
Line 49: checking if mt is a manifest tool... no
Line 63: checking if gcc supports -fno-rtti -fno-exceptions... no
Line 70: checking whether -lc should be explicitly linked in... no
Line 73: checking for shl_load... no
Line 74: checking for shl_load in -ldld... no
Line 75: checking for dlopen... no
Line 78: checking whether a statically linked program can dlopen itself... no
Line 89: checking for gcc option to accept ISO C99... none needed
Line 111: checking pngstruct.h usability... no
Line 112: checking pngstruct.h presence... no
Line 113: checking for pngstruct.h... no
Line 124: checking for CU_run_test in -lcunit... no
Line 125: checking for main in -lwsock32... no
Line 146: checking whether DSA_SIG_get0 is declared... no
Line 147: checking whether DSA_get0_pqg is declared... no
Line 148: checking whether DSA_get0_key is declared... no
Line 149: checking whether RSA_get0_key is declared... no
Line 169: checking whether freerdp_convert_gdi_order_color is declared... no
Line 170: checking whether freerdp_color_convert_drawing_order_color_to_gdi_color is declared... no
Line 171: checking for rdpSvcPlugin.interval_ms... no
Line 183: checking for rdpSettings.SupportDisplayControl... no
Line 197: checking for rdpSettings.Width... no
Line 198: checking for rdpSettings.Height... no
Line 203: checking for CHANNEL_ENTRY_POINTS_FREERDP... no
Line 208: checking whether IWTSVirtualChannelCallback.OnDataReceived() uses a wStream... no
Line 209: checking whether interleaved_decompress() accepts an additional palette parameter... no
Line 210: checking whether planar_decompress() can flip... no
Line 211: checking for rdpContext.codecs... no
Line 217: checking for gcry_control in -lssh2... no

guacamole-server version 1.4.0 (may work in Debian 11 2022)
------------------------------------------------
guacamole-server version 1.4.0
------------------------------------------------

   Library status:

     freerdp2 ............ yes
     pango ............... yes
     libavcodec .......... yes
     libavformat.......... yes
     libavutil ........... yes
     libssh2 ............. yes
     libssl .............. yes
     libswscale .......... yes
     libtelnet ........... yes
     libVNCServer ........ yes
     libvorbis ........... yes
     libpulse ............ yes
     libwebsockets ....... yes
     libwebp ............. yes
     wsock32 ............. no

   Protocol support:

      Kubernetes .... yes
      RDP ........... yes
      SSH ........... yes
      Telnet ........ yes
      VNC ........... yes

   Services / tools:

      guacd ...... yes
      guacenc .... yes
      guaclog .... yes

   FreeRDP plugins: /usr/lib/arm-linux-gnueabihf/freerdp2
   Init scripts: /etc/init.d
   Systemd units: no

Type "make" to compile guacamole-server.


install server
make
sudo make install
sudo ldconfig
sudo update-rc.d guacd defaults
sudo /etc/init.d/guacd restart
sudo /etc/init.d/guacd status
guacd is running with PID=27937.
sudo service guacd status
ps -ef | grep guacd
root     27937     1  0 02:25 ?        00:00:00 /usr/local/sbin/guacd -p /var/run/guacd.pid
leungric 27952   912  0 02:25 pts/0    00:00:00 grep --color=auto guacd
# sudo systemctl status guacd  # Active: inactive (dead) # no need to use systemctl

Maven
sudo apt-get install -y maven

install client war ( 0.9.13 debian 9 2018)
wget --user-agent=Mozilla \ -e robots=off "https://archive.apache.org/dist/guacamole/0.9.13-incubating/source/guacamole-client-0.9.13-incubating.tar.gz" -O guacamole-client-0.9.13-incubating.tar.gz
tar -xzf guacamole-client-0.9.13-incubating.tar.gz
cd guacamole-client-0.9.13-incubating/
mvn package (very long time on 1.2GHz Quad Core, take a break, 15-30mins)
cd guacamole/target/
ls guacamole-0.9.13-incubating.war
sudo mv guacamole-0.9.13-incubating.war /usr/share/jetty9/webapps/guacamole.war
sudo service jetty9 restart
http://192.168.1.3:8080/guacamole

install client war (1.0.0 yes work in debian 9 2022)
wget --user-agent=Mozilla \ -e robots=off "https://archive.apache.org/dist/guacamole/1.0.0/source/guacamole-client-1.0.0.tar.gz" -O guacamole-client-1.0.0.tar.gz
tar -xzf guacamole-client-1.0.0.tar.gz
cd guacamole-client-1.0.0
mvn package (very long time on 1.2GHz Quad Core, take a break, 15-30mins)
cd guacamole/target/
ls guacamole-1.0.0.war
sudo mv guacamole-1.0.0.war /usr/share/jetty9/webapps/guacamole.war
sudo service jetty9 restart
http://192.168.1.3:8080/guacamole

install client war (1.4.0 debian 11 2022)
wget --user-agent=Mozilla \ -e robots=off "https://apache.org/dyn/closer.lua/guacamole/1.4.0/binary/guacamole-1.4.0.war?action=download" -O guacamole-1.4.0.war
ls guacamole-1.4.0.war
sudo mv guacamole-1.4.0.war /usr/share/jetty9/webapps/guacamole.war
sudo service jetty9 restart
http://192.168.1.3:8080/guacamole



configure
sudo mkdir /usr/share/jetty9/.guacamole
cd /usr/share/jetty9/.guacamole

sudo nano guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822
# Location to read extra .jar's from
lib-directory:  /usr/share/jetty9/.guacamole
# Authentication provider class
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
# Properties used by BasicFileAuthenticationProvider
basic-user-mapping: /usr/share/jetty9/.guacamole/user-mapping.xml

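sudo nano  /usr/share/jetty9/.guacamole/user-mapping.xml
# the md5 login hash in this file is unsalted and the vnc connection password is stored as plain text
# keep the file readable only by the account jetty9 runs as (chown to that account, chmod 600)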
<user-mapping>
    <authorize username="leungric" password="2d4b6753d3e94ef39a1de5cddef6aa44" encoding="md5">
        <connection name="pi 192.168.1.3 rdp">
             <protocol>rdp</protocol>
             <param name="hostname">192.168.1.3</param>
             <param name="port">3389</param>
       </connection>
       <connection name="pi 192.168.1.3 ssh">
             <protocol>ssh</protocol>
             <param name="hostname">192.168.1.3</param>
             <param name="port">22</param>
       </connection>
       <connection name="pi 192.168.1.3 vnc">
             <protocol>vnc</protocol>
             <param name="hostname">192.168.1.3</param>
             <param name="port">5900</param>
             <param name="password">Tin.netS1....</param>
       </connection>
    </authorize>
</user-mapping>

http://192.168.1.3:8080/guacamole
leungric
....
after editing these files, need sudo service jetty9 restart # not sudo /etc/init.d/guacd restart

ssl 8443 optional (unsuccessful, don't use, verify after 2021, working 2022)
# https://stackoverflow.com/questions/4008837/configure-ssl-on-jetty
cd /usr/share/jetty9
sudo openssl genrsa -des3 -out jetty.key
# enter 8 char pw (this passphrase encrypts jetty.key; a longer one is better)
sudo openssl req -new -x509 -key jetty.key -out jetty.crt
# enter 8 char pw
# many default enter
sudo keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
# enter 8 char pw
# trust? yes, cert added keystore
# try skip this line # sudo openssl req -new -key jetty.key -out jetty.csr
sudo openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
# enter 8 char pw 3 times
sudo keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
# enter 8 char pw
# 1 successfully imported

HTTPS/SSL (working 2022 with 0.9.13 and also 1.0.0)
cd /usr/share/jetty9
ls /usr/share/jetty9/start.jar
sudo java -jar /usr/share/jetty9/start.jar --add-to-startd=ssl,https
# many initialised, enabled in start.ini
sudo nano /usr/share/jetty9/start.d/https.ini
# https.port=8443, exit
sudo nano /usr/share/jetty9/start.d/ssl.ini
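# jetty.secure.port=8443, exit
# also check the keystore path and passwords in ssl.ini: unless they point at the keystore built above, Jetty may be serving a bundled sample certificate - TODO confirm for this Jetty version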
sudo service jetty9 restart
sudo service jetty9 status
sudo netstat -natup | grep -E "8080|8443"
# :::8443 :::8080 :::* LISTEN  3828/java
sudo ss -natup | grep -E "8080|8443"
https://192.168.1.3:8443/
https://192.168.1.3:8443/guacamole

RDP to Windows 10 and 11 (2022)
# https://stackoverflow.com/questions/44039126/guacamole-windows-10-rdp-failed
# https://stackoverflow.com/questions/44039126/guacamole-windows-10-rdp-failed
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
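Change “SecurityLayer” value to 1 (it may currently be 2)
Verify “UserAuthentication” value is 0
# note: UserAuthentication=0 turns off Network Level Authentication on that Windows host, and SecurityLayer=1 lets the client negotiate the security layer instead of requiring TLS
# apply this only to machines on a trusted network
# setting the connection's security parameter (e.g. nla) in user-mapping.xml may make the registry change unnecessary on newer Guacamole versions - TODO verify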

